Akamai Diversity

The Akamai Blog

Community, Convenience, and the Claviger

One of the most common complaints on the Akamai Community is from people who are browsing the web from IP addresses that Akamai has seen performing malicious activity.  Depending on the severity and number of these malicious activities, Akamai assigns the IP address a rating that predicts the likelihood that the IP will perform a malicious act in the future.   These ratings come from our Client Reputation module, a module that is sold to Akamai Kona Site Defender Customers.

It is important to note that neither Client Reputation nor Akamai ever actually blocks any IPs from accessing any sites, rather it is the site owners (Akamai's customers) who decide whether or not to block a particular IP based on the reputation score of the client and the activity category associated with the score.  So if you happen to be visiting a site that is running the Akamai Intelligent Platform (in other words, if you are visiting any of the top social media sites, one of the 100 largest banks in the world, or one of the top 100 eCommerce sites in the world) and you are denied access, there is probably a good reason.  It might not be your fault.  Your computer may have been compromised by a virus.  But if you are absolutely positively sure that you have done no wrong, you probably want to raise a ticket with the customer who is blocking you.  That Akamai customer, in turn, can raise a ticket with Akamai.  But know this:  while it's possible that your claims are valid and we'll clean your IP's reputation, it is also true that others can and do use the Akamai Community platform in order to get themselves whitelisted even though their intentions are malicious.   We have seen this happen, it is a common social engineering tactic.

Our threat operations team closely inspects all relevant end-user complaints, and if we determine that the complaint is valid, we cleanse the reputation score of the IP address in our client reputation database.  (Note that even if the IP address is cleansed, every request that comes from that IP address is still scrutinized by our Web Application Firewall).  At any rate, because we see so much of the world's web traffic, we see a lot of malicious behavior. In many cases we can trace the bad behavior to a particular IP address.  We've seen financial institutions, stock markets, government websites, and more repeatedly scraped, DoS'd, and attacked.  If we observe that an IP address doing any of these things, in order to protect our Client Reputation customers from this user, we will not clean that individual.

It's important to emphasize that this is the exact purpose of the Client Reputation service, that our customers are happy, and that the service works as expected. Social engineering is a common method used to put pressure on companies in order to bypass their controls. Akamai's goal in the case of each complaint is to validate that this is not a case of someone trying to put pressure on us in order to bypass the protection mechanisms that we offer for our customers. No control is 100% perfect, and in some cases end-users may be inconvenienced - that's where our threat operations team comes into place. We validate each complaint and take proper measures to handle them quickly and on a continuous basis.